Glossary
Application
Program that is designed for interaction with a solution user and for performing user tasks.
Related sections:
Building a KasperskyOS-based solution
Arena chunk descriptor
Structure containing the offset of the arena chunk in bytes (relative to the start of the arena) and the size of the arena chunk in bytes.
Related sections:
Working with an IPC message arena
Arena descriptor
Structure containing three pointers: one pointer to the start of the arena, one pointer to the start of the unused part of the arena, and one pointer to the end of the arena.
Related sections:
Working with an IPC message arena
Callable handle
A callable handle is a client IPC handle that simultaneously identifies an IPC channel to a server and an endpoint of this server.
Related sections:
Creating handles
Capability
Each handle is associated with access rights to the resource identified by this handle, which means it is a capability in terms of the capability-based security mechanism known as Object Capability (OCap). By receiving a handle, a process obtains the access rights to the resource that is identified by this handle. For example, these access rights may consist of read permissions, write permissions, and/or permissions to allow another process to perform operations on the resource (handle transfer permission).
Related sections:
Managing access to resources
Managing handles (handle_api.h)
CDL
Component Definition Language is a declarative language used to create a formal specification of a solution component.
Related sections:
Formal specifications of KasperskyOS-based solution components
CDL description
Client
In the context of IPC, client refers to the client process.
Client library of the solution component
Transport library that converts local calls into IPC requests.
Related sections:
Transport code for IPC
Client Process
Process that uses the endpoint of another process via the IPC mechanism. One process can use multiple IPC channels at the same time. A process may act as a client for some IPC channels while acting as a server for other IPC channels.
Related sections:
IPC mechanism
Conditional variable
Synchronization primitive that is used to notify one or more threads about the fulfillment of a condition required by these threads. It is used together with a mutex.
Related sections:
Using synchronization primitives (event.h, mutex.h, rwlock.h, semaphore.h, condvar.h)
Constant part of an IPC message
The part of an IPC message that contains the RIID, MID and (optionally) fixed-size parameters of interface methods.
Related sections:
Overview: IPC message structure
Working with an IPC message arena
IDL data types
Critical section
Section of code in which the resources shared by threads are accessed.
Related sections:
Using synchronization primitives (event.h, mutex.h, rwlock.h, semaphore.h, condvar.h)
Description of a security policy for a KasperskyOS-based solution
A set of interrelated text files with the psl extension that contain declarations in the PSL language.
Related sections:
Describing a security policy for a KasperskyOS-based solution
General information about a KasperskyOS-based solution security policy description
Security.psl.in template
Example descriptions of basic security policies for KasperskyOS-based solutions
Methods of KasperskyOS core endpoints
Direct memory access
Direct memory access (DMA) is a feature that allows data exchange between devices and the main system memory independently of the processor.
Related sections:
Using DMA (dma.h)
Managing I/O memory isolation (iommu_api.h)
DMA
DMA buffer
Buffer that consists of one or more physical memory regions (blocks) that are used for direct memory access.
Related sections:
Using DMA (dma.h)
Managing I/O memory isolation (iommu_api.h)
EDL
Entity Definition Language is a declarative language used to create a formal specification of a solution component.
Related sections:
Formal specifications of KasperskyOS-based solution components
EDL description
Endpoint
Set of logically related methods available via the IPC mechanism (for example, an endpoint for receiving and transmitting data over the network, or an endpoint for handling interrupts).
Related sections:
Overview
IPC mechanism
Methods of KasperskyOS core endpoints
Endpoint ID
A Runtime Implementation Identifier (RIID) is the sequence number of an endpoint within the set of endpoints of a server (starting at zero).
Related sections:
IPC mechanism
Overview: IPC message structure
Endpoint Interface
Set of signatures for endpoint methods. The endpoint interface is defined in the IDL description.
Related sections:
Formal specifications of KasperskyOS-based solution components
IDL description
Endpoint method
Endpoint Method ID
An Endpoint Method ID (MID) is the sequence number of the endpoint method within the set of methods of this endpoint (starting at zero).
Related sections:
IPC mechanism
Overview: IPC message structure
Event
Synchronization primitive that is used to notify one or more threads about the fulfillment of a condition required by these threads.
Related sections:
Using synchronization primitives (event.h, mutex.h, rwlock.h, semaphore.h, condvar.h)
Event mask
Value whose bits are interpreted as events that should be tracked or that have already occurred. An event mask has a size of 32 bits and consists of a general part and a specialized part. The common part describes events that are not specific to any resources. The specialized part describes events that are specific to certain resources.
Related sections:
Using notifications (notice_api.h)
Transferring handles
Execute interface
Interface used by the KasperskyOS kernel when querying the Kaspersky Security Module to notify it about kernel startup or about initiating the startup of a process by the kernel or by other processes.
Related sections:
Setting the global parameters of a KasperskyOS-based solution security policy
Binding methods of security models to security events
Formal specification of the KasperskyOS-based solution component
A system of IDL, CDL and EDL descriptions of a solution component (IDL and CDL descriptions are optional).
Related sections:
Formal specifications of KasperskyOS-based solution components
Handle
A handle is an identifier of a resource (for example, a memory area, port, network interface, or IPC channel). The handle of an IPC channel is called an IPC handle.
Related sections:
Managing access to resources
Managing handles (handle_api.h)
KasperskyOS also uses the following descriptors:
Handle dereferencing
Operation in which the client sends a handle to the server, and the server receives a pointer to the resource transfer context, the permissions mask of the sent handle, and the ancestor of the handle sent by the client and already owned by the server. Dereferencing occurs when a client that called methods for working with a resource (such as read/write or access closure) sends the server the handle that was received from this server when access to the resource was opened.
Related sections:
Managing handles (handle_api.h)
Dereferencing handles
Handle inheritance tree
Hierarchy of generated resource handles stored in the KasperskyOS kernel.
Related sections:
Managing handles (handle_api.h)
Handle permissions mask
Value whose bits are interpreted as access rights to the resource that is identified by the specific handle.
Related sections:
Managing access to resources
Handle permissions mask
Managing handles (handle_api.h)
Handle transport container
Structure consisting of the following three fields: handle field, handle permissions mask field, and the resource transfer context field. It is used to transfer handles via IPC.
Related sections:
Transferring handles
OCap usage example
Hardware interrupt
Signal sent from a device to direct the processor to immediately pause execution of the current program and instead handle an event related to this device. For example, pressing a key on the keyboard invokes a hardware interrupt that ensures the required response to this pressed key (for example, input of a character).
Related sections:
Managing interrupt processing (irq.h)
IDL
Interface Definition Language is a declarative language used to create a formal specification of a solution component.
Related sections:
Formal specifications of KasperskyOS-based solution components
IDL description
Init description
An init description consists of a text file containing data in YAML format that identifies the processes and IPC channels that are created when the solution starts. The init description file is normally named init.yaml.
Related sections:
Overview: Einit and init.yaml
Example init descriptions
Init.yaml.in template
Initializing program
The Einit program, which is started by the KasperskyOS kernel, starts other programs according to the init description and creates IPC channels.
Related sections:
Overview: Einit and init.yaml
CMakeLists.txt file for building the Einit program
Structure and startup of a KasperskyOS-based solution
einit
Interface Method
Subprogram that is called via IPC.
Related sections:
IPC mechanism
IDL description
Methods of KasperskyOS core endpoints
Interprocess communication
Interprocess communication (IPC) is a mechanism for interaction between different processes and between a process and the KasperskyOS kernel.
Related sections:
IPC
Initializing IPC transport for interprocess communication and managing IPC request processing (transport-kos.h, transport-kos-dispatch.h)
POSIX support limitations
IPC
IPC channel
KasperskyOS kernel object that allows processes to interact with each other by transmitting IPC messages. An IPC channel has a client side and a server side, which are identified by a client and server IPC handle, respectively.
Related sections:
IPC mechanism
Creating IPC channels
IPC handle
An IPC handle is a handle that identifies an IPC channel. A client IPC handle is necessary for executing a Call() system call. A server IPC handle is necessary for executing the Recv() and Reply() system calls. The callable handle and listener handle are IPC handles.
Related sections:
IPC mechanism
Creating handles
Creating IPC channels
IPC message
Data packet that is transmitted between different processes and between processes and the KasperskyOS kernel for IPC. An IPC message contains a constant part and an (optional) arena.
Related sections:
Overview: IPC message structure
IPC message arena
Optional part of an IPC message that contains variable-size parameters of interface methods (and/or elements of these parameters).
Related sections:
Overview: IPC message structure
Working with an IPC message arena
IPC request
IPC message sent to a server from a client.
Related sections:
IPC mechanism
IPC response
IPC message sent to a client from a server.
Related sections:
IPC mechanism
IPC transport
Add-on that works on top of system calls for sending and receiving IPC messages and works separately with the constant part and arena of IPC messages. Transport code works on top of this add-on.
Related sections:
Initializing IPC transport for interprocess communication and managing IPC request processing (transport-kos.h, transport-kos-dispatch.h)
Initializing IPC transport for querying the security module (transport-kos-security.h)
KasperskyOS
A specialized operating system based on a separation microkernel and security monitor.
Related sections:
Overview
KasperskyOS Security Model
Framework for implementing security policies for solutions.
Related sections:
Describing a security policy for a KasperskyOS-based solution
KasperskyOS security models
KasperskyOS-based solution
System software (including the KasperskyOS kernel and Kaspersky Security Module) and applications integrated to work as part of a software/hardware system.
Related sections:
Overview
Structure and startup of a KasperskyOS-based solution
Building a KasperskyOS-based solution
KasperskyOS-based solution component
Program included in a solution.
Related sections:
Overview
Formal specifications of KasperskyOS-based solution components
KSM
The Kaspersky Security Module is the KasperskyOS kernel module that allows or denies interaction between different processes and between processes and the kernel, and handles queries of processes via the security interface.
Related sections:
IPC control
Managing access to resources
KSS
Kaspersky Security System technology lets you implement solution security policies. This technology prescribes the creation of formal specifications of solution components and descriptions of solution security policies using security models.
Related sections:
Overview
Developing security policies
Listener handle
A listener handle is a server IPC handle with extended rights that allow it to add IPC channels to the set of IPC channels identified by this handle.
Related sections:
Creating IPC channels
Creating handles
Initializing IPC transport for interprocess communication and managing IPC request processing (transport-kos.h, transport-kos-dispatch.h)
Dynamically creating IPC channels (cm_api.h, ns_api.h)
Memory barrier
A memory barrier is an instruction for a compiler or processor that guarantees that memory access operations specified in source code before setting a barrier will be executed before the memory access operations specified in source code after setting a barrier.
Related sections:
Using memory barriers (barriers.h)
Message signaled interrupt (MSI)
Message signaled interrupt (MSI) is a hardware interrupt that occurs when the device accesses the interrupt controller via MMIO memory.
Related sections:
Managing interrupt processing (irq.h)
MID
Mutex
A synchronization primitive that provides for mutually exclusive execution of critical sections.
Related sections:
Using synchronization primitives (event.h, mutex.h, rwlock.h, semaphore.h, condvar.h)
POSIX support limitations
Notification receiver
KasperskyOS kernel object that collects notifications about events that occur with resources.
Related sections:
Using notifications (notice_api.h)
Managing handles (handle_api.h)
OCap
Object Capability is a security mechanism that is based on capabilities.
Related sections:
Managing access to resources
Managing handles (handle_api.h)
Operating Performance Point
Operating Performance Point (OPP) is a combination of the matching frequency and voltage for a processor group.
Related sections:
CPU frequency management endpoint
OPP
PAL
Policy Assertion Language is a declarative language used to create solution security policy tests.
Related sections:
Creating and performing tests for a KasperskyOS-based solution security policy
Examples of tests for KasperskyOS-based solution security policies
Process
A running program that has the following distinguishing characteristics:
- It can provide endpoints to other processes and/or use the endpoints of other processes via the IPC mechanism.
- It uses KasperskyOS core endpoints via the IPC mechanism.
- It is associated with a solution security policy that regulates the interactions of the process with other processes and with the KasperskyOS kernel.
Related sections:
Overview
Starting processes
init.yaml.in template
Program
Code that is executed within the context of an individual process.
Related sections:
Building a KasperskyOS-based solution
PSL
Policy Specification Language is a declarative language used to create a solution security policy description.
Related sections:
Describing a security policy for a KasperskyOS-based solution
PSL language syntax
Read-write lock
Synchronization primitive that is used to allow access to resources shared between threads for either write access for one thread or read access for multiple threads at the same time.
Related sections:
Using synchronization primitives (event.h, mutex.h, rwlock.h, semaphore.h, condvar.h)
Recursive mutex
Mutex that can be acquired by a single thread multiple times.
Related sections:
Using synchronization primitives (event.h, mutex.h, rwlock.h, semaphore.h, condvar.h)
Resource
KasperskyOS-based software/hardware system object that can be accessed by processes. Resources can be system resources or user resources.
Related sections:
Managing access to resources
Resource consumer
Process that uses the resources provided by the KasperskyOS kernel or other processes.
Related sections:
Managing access to resources
Managing handles (handle_api.h)
Mic security model
Resource integrity level
Level of trust afforded to a resource. The level of trust in a resource depends on whether this resource was created by a trusted subject within a software/hardware system running KasperskyOS or if it was received from an untrusted external software/hardware system, for example.
Related sections:
Mic security model
Resource provider
Process that manages user resources and manages access to those resources for other processes. For example, drivers are resource providers.
Related sections:
Managing access to resources
Managing handles (handle_api.h)
Resource transfer context
Data that allows the server to identify the resource and its state when access to the resource is requested via descendants of the transferred handle. This normally consists of a data set with various types of data (structure). For example, the transfer context of a file may include the name, path, and cursor position.
Related sections:
Managing handles (handle_api.h)
Resource transfer context object
KasperskyOS kernel object that stores the pointer to the resource transfer context.
Related sections:
Managing handles (handle_api.h)
RIID
Security audit
A security audit consists of the following sequence of actions. The Kaspersky Security Module provides the KasperskyOS kernel with information about decisions made by this module. Then the kernel forwards this data to the system program Klog, which decodes this information and forwards it to the system program KlogStorage (data is transmitted via IPC). The latter sends the received audit data to standard output (or standard error) or writes it to a file.
Related sections:
Creating security audit profiles
Examples of security audit profiles
Using the system programs Klog and KlogStorage to perform a security audit
Security audit configuration
Element of a security audit profile that defines the security model objects covered by the security audit and the conditions for performing the security audit.
Related sections:
Creating security audit profiles
Examples of security audit profiles
Security audit data
Information about decisions made by the Kaspersky Security Module, including the actual decisions ("granted" or "denied"), descriptions of security events, results from calling methods of security models, and data on incorrect IPC messages.
Related sections:
Creating security audit profiles
Security audit profile
Set of security audit configurations, each of which defines the security model objects covered by the security audit and the conditions for performing the security audit.
Related sections:
Creating security audit profiles
Binding methods of security models to security events
Examples of security audit profiles
Setting the global parameters of a KasperskyOS-based solution security policy
Security audit runtime-level
The security audit runtime-level is a global parameter of a solution security policy and consists of an unsigned integer that defines the active security audit configuration. (The word "level" here refers to the configuration variant and does not necessarily involve a hierarchy.)
Related sections:
Creating security audit profiles
Setting the global parameters of a KasperskyOS-based solution security policy
Security context
Data that is associated with a security ID and is used by the Kaspersky Security Module to make decisions.
Related sections:
Managing access to resources
Security event
A signal indicating the initiation of communication between a process and another process or between a process and the KasperskyOS kernel.
Related sections:
General information about a KasperskyOS-based solution security policy description
Binding methods of security models to security events
Examples of binding security model methods to security events
Security ID
A Security Identifier (SID) is a globally unique identifier of a resource. The Kaspersky Security Module identifies resources based on their security IDs.
Related sections:
Managing access to resources
Getting a security ID (SID)
Security interface
Interface that is used for interaction between a process and the Kaspersky Security Module. The security interface is defined in the IDL description.
Related sections:
Formal specifications of KasperskyOS-based solution components
EDL description
CDL description
IDL description
Binding methods of security models to security events
Initializing IPC transport for querying the security module (transport-kos-security.h)
Security model expression
Security model method that returns values that can be used as input data for other methods of security models.
Related sections:
General information about a KasperskyOS-based solution security policy description
Binding methods of security models to security events
KasperskyOS security models
Security model method
Element of a security model that determines the permissibility of interactions between various processes and between processes and the KasperskyOS kernel.
Related sections:
General information about a KasperskyOS-based solution security policy description
Binding methods of security models to security events
Examples of binding security model methods to security events
KasperskyOS security models
Security model object
Instance of a class whose definition is a formal description of a security model (in a PSL file).
Related sections:
General information about a KasperskyOS-based solution security policy description
Creating security model objects
KasperskyOS security models
Security model rule
Security model method that returns a "granted" or "denied" decision.
Related sections:
General information about a KasperskyOS-based solution security policy description
Binding methods of security models to security events
Examples of binding security model methods to security events
KasperskyOS security models
Security module decision
A decision on whether to allow or deny a specific interaction between different processes or between a process and the KasperskyOS kernel.
Related sections:
Overview
IPC control
General information about a KasperskyOS-based solution security policy description
Security pattern
A security pattern (or security template) describes a specific recurring security issue that arises in certain known contexts, and provides a well-proven, general scheme for resolving this kind of security issue. A pattern is not a finished project that can be converted directly into code. Instead, it is a solution to a general problem encountered in various projects.
Related sections:
Security patterns for development under KasperskyOS
Security pattern system
Set of security patterns together with instructions on their implementation, combination, and practical use when designing secure software systems.
Related sections:
Security patterns for development under KasperskyOS
Security policy for a KasperskyOS-based solution
Logic for processing security events in the solution. This logic is implemented by the Kaspersky Security Module. The source code of the Kaspersky Security Module is generated from the solution security policy description and formal specifications of solution components.
Related sections:
Overview
Security template
A security template (or security pattern) describes a specific recurring security issue that arises in certain known contexts, and provides a well-proven, general scheme for resolving this kind of security issue. A template is not a finished project that can be converted directly into code. Instead, it is a solution to a general problem encountered in various projects.
Related sections:
Security patterns for development under KasperskyOS
Seed
Starting number of the random number generator (seed) , which determines the sequence of the generated random numbers. In other words, if the same seed value is set, the generator creates identical sequences of random numbers. (The entropy of these numbers is fully determined by the entropy of the seed value, which means that these numbers are not entirely random, but pseudorandom.)
Related sections:
Generating random numbers (random_api.h)
Semaphore
Synchronization primitive based on a counter whose value can be atomically changed.
Related sections:
Using synchronization primitives (event.h, mutex.h, rwlock.h, semaphore.h, condvar.h)
POSIX support limitations
Server
In the context of IPC, server refers to the server process.
Server library of the solution component
Transport library that converts IPC requests into local calls.
Related sections:
Transport code for IPC
Server process
Process that provides endpoints to other processes via the IPC mechanism. One process can use multiple IPC channels at the same time. A process may act as a server for some IPC channels while acting as a client for other IPC channels.
Related sections:
IPC mechanism
SID
Subject integrity level
Level of trust afforded to a subject. The trust level of a subject depends on whether the subject interacts with untrusted external software/hardware systems or whether it has a proven standard of quality, for example.
Related sections:
Mic security model
System program
A program that creates the infrastructure for application software (for example, it facilitates hardware operations, supports the IPC mechanism, and implements file systems and network protocols).
Related sections:
Building a KasperskyOS-based solution
System resource
Resource that is managed by the KasperskyOS kernel. Some examples of system resources include processes, memory regions, and interrupts.
Related sections:
Managing access to resources
Managing handles (handle_api.h)
Thread
A thread is an abstraction used to manage the execution of program code. One process can include one or more threads. CPU time is allocated separately for each thread. Each thread may execute the entire code of the program or just a part of the code. The same program code may be executed in multiple threads.
Related sections:
POSIX support limitations
Transport code
C-language methods and types for IPC.
Related sections:
Transport code for IPC
Example generation of transport methods and types
Transport library
To use a supplied solution component via IPC, the KasperskyOS SDK provides the following transport libraries:
- Solution component's client library, which converts local calls into IPC requests.
- Solution component's server library, which converts IPC requests into local calls.
Related sections:
Transport code for IPC
User resource
Resource that is managed by a process. Examples of user resources: files, input-output devices, data storage.
Related sections:
Managing access to resources
Managing handles (handle_api.h)
User resource context
Data that allows the resource provider to identify the resource and its state when access to the resource is requested by other processes. This normally consists of a data set with various types of data (structure). For example, the context of a file may include the name, path, and cursor position.
Related sections:
Managing handles (handle_api.h)
